package com.hna.eking.AirlineServer.security;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.util.Assert;


public class DeviceUserProcessingFilter extends AbstractAuthenticationProcessingFilter {
	
	private String faildPage;
	private AuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
	
	public void setAuthenticationSuccessHandler(
			AuthenticationSuccessHandler successHandler) {
		Assert.notNull(successHandler, "successHandler cannot be null");
		this.successHandler = successHandler;
	}

    /** 
     * 必须要实现无参构造 
     * 访问路径
     */  
	protected DeviceUserProcessingFilter() {
		super("/login/device");
	}

	public DeviceUserProcessingFilter(String defaultFilterProcessesUrl) {
		super(defaultFilterProcessesUrl);
	}
	
	@Override
	public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
			throws AuthenticationException, IOException, ServletException {
        String username = request.getParameter("username");  
        String uuid = request.getParameter("uuid"); 
        String password = request.getParameter("password"); 
        DeviceUser user = new DeviceUser(username, uuid, password);
        UsernamePasswordAuthenticationToken deviceToken = new UsernamePasswordAuthenticationToken(user, password); 
        
        return this.getAuthenticationManager().authenticate(deviceToken);
	}
	
	//没看明白这个方法干嘛用的
    @Override  
    public void afterPropertiesSet() {  
//        super.afterPropertiesSet();  
//          
//        AuthenticationFaildPage  faild = new AuthenticationFaildPage();  
//        faild.setFaildPage(faildPage);  
//          
//        this.setAuthenticationFailureHandler(faild);  
        Assert.notNull(this.getAuthenticationManager(), "authenticationManager must be specified");
          
    } 
    
    
    //重写,防止登录后将UsernamePasswordAuthenticationToken对象存到session
    @Override
    protected void successfulAuthentication(HttpServletRequest request,
			HttpServletResponse response, FilterChain chain, Authentication authResult)
			throws IOException, ServletException {

		if (logger.isDebugEnabled()) {
			logger.debug("Authentication success. Updating SecurityContextHolder to contain: "
					+ authResult);
		}
//		SecurityContextHolder.getContext().setAuthentication(authResult);
//		rememberMeServices.loginSuccess(request, response, authResult);

		// Fire event
//		if (this.eventPublisher != null) {
//			eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(
//					authResult, this.getClass()));
//		}

		successHandler.onAuthenticationSuccess(request, response, authResult);
	}
	
    public String getFaildPage() {  
        return faildPage;  
    } 
	
    public void setFaildPage(String faildPage) {  
        this.faildPage = faildPage;  
    }  

}
